Pinned Tweet
Essential
929 posts

@only01Essential
Bug huntoor Rust | Move | C | Solidity
-analyzer Joined December 2022
157 Following 991 Followers

@DeltaXV_ @MezoNetwork Great job friend 🙌, found something similar, weeks back.
How much did they pay as bounty for the disclosure?
1 month ago I discovered a critical vulnerability in @MezoNetwork's AssetsBridge precompile which could have led to a direct theft of $1,753,958.4 ($40m if no ratelimit).
Happy to share the security advisory (includes full report + PoC) and Mezo post-mortem write-up.
github.com/mezo-org/mezod…
I'm also planning to post soon an X article about this finding which will include much more context on my journey and this discovery.
Exactly bro.
We all want that reward. Some will say please be patient. That could go on for weeks.
But if it was an attacker, you make an offer immediately. Why will a protocol receive a crit and still keep you waiting for weeks? The incentives just don't align.
I have reported bugs off platforms with serious money at risk, like it was right there. Six figures, but I am still patiently waiting for them, lol.
Let’s be honest.
You can’t “fight blackhats” with good intentions.
Blackhats are motivated by immediate money. They spend countless hours looking for ways to break protocols because the reward is instant.
Whitehats are also expected to think like attackers, find critical bugs, report them responsibly, and then pray they get paid fairly.
That’s the problem!!
The only real difference between a whitehat and a blackhat should be responsible disclosure. Both need the same aggressive, adversarial mindset to find critical bugs.
But the incentives are completely different.
A blackhat finds a bug and can drain funds immediately.
A whitehat finds the same bug and has to go through uncertainty, delays, disputes, underpayment, or sometimes no bounty at all.
So people will naturally ask:
Why should I protect a protocol that doesn’t seem to care about security??
Why should I report a critical bug when the blackhat path pays instantly??
We can pretend everyone will “always do the right thing,” but that’s not how people behave when life-changing money is involved.
At the end of the day, security is an incentive game.
If protocols don’t make responsible disclosure worth it, they shouldn’t be surprised when hacks keep happening.
playboi.eth@adeolRxxxx
Another hack @AftermathFi. It’s been raining. $1.4m gone I think I have to finally say. We white hats are not in a ready position to fight against blackhats on chain. We are so bounded and limited to contests and bug bounties that our scope is dependent on these. Maybe when we see beyond ourselves, we’d be a ready match for blackhats. Those mfers are active on blocks, we are there fighting for a report to be escalated in our favor. This is becoming sad. WE CANNOT WIN, OUR TRAINING MODEL IS FLAWED.
@cr4shls0v3rr1d3 I agree.
Do some offer you peanuts for critical bugs as well?
@only01Essential I could make an extensive list of fraudulent web3 projects that try to scam researchers, but the list of protocols that truly care about security and take researchers' work seriously is quite short.
While there has been a huge spike in exploits, a lot of researchers are trying to help secure as many protocols as we can, but I have noticed that the communication between protocol teams and whitehats has been really terrible. Who else is experiencing this?
I only report critical bugs, but still, I have reports that have been pending even acknowledgment for almost two months, while some fix and stall communications for weeks. It's tiring.
@jussy_world @THORChain If the chain interferes, users complain; if they don't, they still complain.
Meet the chain where HACKERS CASH OUT:
@THORChain
DPRK hackers keep using Thorchain to launder money while the chain keeps collecting fees
• FTX exploiter: $124M
• Bybit hacker: $1.2B+
• Balancer exploiter: $120M
• KelpDAO hacker: $175M (in 36h)
$910K in fees from KelpDAO alone, more than their whole previous month ($709k)
Team claims to be "neutral"
But was it really? While hundreds of millions got laundered through them
Has this industry cared more about fees than users' money?
Yeay, I was awarded for a valid submission on @HackenProof hackenproof.com #hackenproofed #bugbounty
@JeffreyConnect @xyz_remedy Yeah. They will request your address
@only01Essential @xyz_remedy I went through the platform, I didn't see a payout section, or is it when you win a bounty?
@only01Essential @HackenProof Huge congratulations bro less goo
@only01Essential @HackenProof Congratulations, the future is brighter.